🐛 Use defined scanner image also for container scan (#900)
When the `MondooAuditConfig` defines a custom image, also use it for the container scan `CronJob`.

Fixes #887

Signed-off-by: Christian Zunker <[email protected]>
czunker authored Oct 26, 2023
1 parent 85ab8cb commit 74cf403
Showing 2 changed files with 34 additions and 1 deletion.
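--- a/controllers/container_image/deployment_handler.go
+++ b/controllers/container_image/deployment_handler.go
@@ -52,7 +52,7 @@ func (n *DeploymentHandler) Reconcile(ctx context.Context) (ctrl.Result, error)
 
 func (n *DeploymentHandler) syncCronJob(ctx context.Context) error {
 mondooClientImage, err := n.ContainerImageResolver.CnspecImage(
-"", "", n.MondooOperatorConfig.Spec.SkipContainerResolution)
+n.Mondoo.Spec.Scanner.Image.Name, n.Mondoo.Spec.Scanner.Image.Tag, n.MondooOperatorConfig.Spec.SkipContainerResolution)
 if err != nil {
 logger.Error(err, "Failed to resolve mondoo-client container image")
 return err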
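Review bot: In syncCronJob the image name and tag passed to `CnspecImage` now come straight from the `MondooAuditConfig` spec, so whoever can edit that resource chooses the image the container-scan CronJob runs, and nothing in this hunk validates the reference or records which image was resolved. When `SkipContainerResolution` is set the tag is presumably used as given rather than pinned to a digest (`CnspecImage` is outside the hunk, so this is inferred), which would leave a mutable tag in the CronJob spec. I would log the result after the error check, `logger.Info("Resolved scanner image for container scan", "image", mondooClientImage)`, and add a comment above the call: `// Name and tag are user-supplied via MondooAuditConfig; empty values are expected to fall back to the resolver defaults.` The body of syncCronJob continues past the end of the hunk.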
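--- a/controllers/container_image/deployment_handler_test.go
+++ b/controllers/container_image/deployment_handler_test.go
@@ -82,6 +82,39 @@ func (s *DeploymentHandlerSuite) TestReconcile_Create() {
 s.Equal(expected, created)
 }
 
+func (s *DeploymentHandlerSuite) TestReconcile_CreateWithCustomImage() {
+d := s.createDeploymentHandler()
+
+s.auditConfig.Spec.Scanner.Image.Name = "ubuntu"
+s.auditConfig.Spec.Scanner.Image.Tag = "22.04"
+
+result, err := d.Reconcile(s.ctx)
+s.NoError(err)
+s.True(result.IsZero())
+
+nodes := &corev1.NodeList{}
+s.NoError(d.KubeClient.List(s.ctx, nodes))
+
+image, err := s.containerImageResolver.CnspecImage("ubuntu", "22.04", false)
+s.NoError(err)
+
+expected := CronJob(image, "", test.KubeSystemNamespaceUid, "", s.auditConfig, mondoov1alpha2.MondooOperatorConfig{})
+s.NoError(ctrl.SetControllerReference(&s.auditConfig, expected, d.KubeClient.Scheme()))
+
+// Set some fields that the kube client sets
+gvk, err := apiutil.GVKForObject(expected, d.KubeClient.Scheme())
+s.NoError(err)
+expected.SetGroupVersionKind(gvk)
+expected.ResourceVersion = "1"
+
+created := &batchv1.CronJob{}
+created.Name = expected.Name
+created.Namespace = expected.Namespace
+s.NoError(d.KubeClient.Get(s.ctx, client.ObjectKeyFromObject(created), created))
+
+s.Equal(expected, created)
+}
+
 func (s *DeploymentHandlerSuite) TestReconcile_Create_PrivateRegistriesSecret() {
 d := s.createDeploymentHandler()
 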
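Review bot: TestReconcile_CreateWithCustomImage only covers a spec with both `Image.Name` and `Image.Tag` set, so a spec that sets just one of them goes through the new call in syncCronJob untested, and a fallback that pairs a custom name with a default tag (or the reverse) would go unnoticed. Two further cases, one setting only `s.auditConfig.Spec.Scanner.Image.Name = "ubuntu"` and one setting only `s.auditConfig.Spec.Scanner.Image.Tag = "22.04"`, would pin down which image ends up in the CronJob. The expected image is also computed with a literal `false` for the skip-resolution argument, so the path where resolution is skipped is not exercised here. Separately, the `nodes` list fetched with `d.KubeClient.List(s.ctx, nodes)` is never read afterwards in this test and could be dropped.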
